Update: final winners will be announced in 24-48 hours, when logs have been analyzed to assure fair play.

Update: to help us improve for next year, please consider filling out our feedback form: REDACTED

Update: it's over! Thanks so much for playing, we hope you had a good time!

Update: 10 minutes to go.

Update: Like the look of our sponsors? They are all hiring. Please fill out the recruitment form which you can access when logged in.

Update: freenode is having problems, check twitter for updates.

Competition information

Welcome to the 9447 Security Society CTF. Teams of any size and composition are invited to register today.

This Jeopardy-style information security competition is run online and teams can compete from any location. This site is used for retrieving challenges, submitting flags and tracking scores during the competition. Updates and service statuses will be posted on our twitter account. Important team-specific updates will be sent by email to registered teams, if needed.

The competition is set to run continuously for 48 hours, starting at 23:00 UTC, Friday the 27th of November, 2015

Rules

Teams breaking rules may be penalized or excluded from the competition. Logs will be analyzed to ensure fair play, and the final winners will be announced within 24 hours of competition ending.

Teams

Can be of any size.

Can be of any origin and composition.

It is not allowed

for teams with independent accounts to cooperate.

to attack, attempt to uncover or in any way exploit flaws in the competition infrastructure. This includes any and all entities not explicitly pointed to as fair targets in the challenges. If flaws in the infrastructure are found however, please rest assured that you can report these without being disqualified.

to sabotage or in any way hinder the progress of other competing teams. This includes attempting to destroy a challenge after you have completed it.

to generate large amounts of traffic - none of the challenges can be solved by running automated scanners - please do not do so, as you risk being excluded from the competition.

to brute-force challenge flags/keys against the scoring site.

For placing teams to receive prizes, they must

produce a short writeup of each challenge, explaining how it was solved. This writeup will be published.

receive payment through PayPal or BTC.

in case of physical prizes, provide an address.

Scoring

The goal of each challenge is to uncover a "flag", which is a string of text. The flags for each challenge are submitted on this site in order to receive points. Challenges award varying amounts of points depending on difficulty. The teams with the most amount of points at the end of the competition wins (see below).

Flags are of format 9447{<some_string>}. Please submit the entire flag, including 9447{}.

The scoreboard is automatically updated to reflect the current state of the competition. Discounting any teams being disqualified, the scoreboard will reflect the final rankings when the competition ends. In the event of a tie for points, the team to fastest submit their flags wins. The scoreboard reflects this.